CVE DATABASE / CVE-2009-0558
CVE-2009-0558
CVSS 9.3 · HIGH
Summary
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
CVSS 2.0 breakdown
| Base score | 9.3 (HIGH) |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Attack vector | NETWORK |
| Attack complexity | MEDIUM |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Weakness type (CWE)
Affected products
Microsoft officeMicrosoft office compatibility pack for word excel ppt 2007Microsoft office excelMicrosoft office excel viewerMicrosoft office sharepoint serverMicrosoft open xml file format converter
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://osvdb.org/54954
- http://secunia.com/secunia_research/2009-1/
- http://www.securityfocus.com/archive/1/504188/100/0/threaded
- http://www.securityfocus.com/bid/35242
- http://www.securitytracker.com/id?1022351
- http://www.us-cert.gov/cas/techalerts/TA09-160A.html
- http://www.vupen.com/english/advisories/2009/1540
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.